AWS Transit Gateway simplifies your network and puts an end to complex peering relationships. It acts as a cloud router and scales elastically based on the volume of network traffic. It can centralize connections (known as attachments) from your on-premises networks, and attach to Amazon Virtual Private Clouds (VPC) Virtual Private Networks (VPN), AWS Direct Connect Gateways, Transit Gateways from other Regions, and Transit Gateway Connect peers.

Among these various attachments, VPN, AWS Direct Connect Gateway and Transit Gateway Connect peers have quotas on the number of prefixes that are advertised, both to and from Transit Gateway. Along with attachment-specific quotas, each Transit Gateway has a quota on the total number of routes. These attachment quotas, along with VPC and Transit Gateway peer attachments routes, contribute towards the overall quota. You can learn more about the quotas by referring to the Transit Gateway quotas section of our documentation.

As the number of attachments increases over time, monitoring these quotas from within the AWS Management Console or the Command Line Interface (CLI) becomes complex. In this blog, we walk you through a serverless solution to monitor Transit Gateway attachments and send alerts on the corresponding route limits. This solution uses Amazon CloudWatch, Transit Gateway Network Manager, AWS Lambda and Amazon DynamoDB.

Solution architecture:

Details of solution and implementation steps can be found in this blog post.